Cybersecurity: Mitigate Against Hacking, Ransomware, and Data Breach Risks

Instructions for Members Affected by Ransomware Attack Against Allscripts

EHR vendor Allscripts suffered a ransomware attack on January 18, 2018. Any member of The Doctors Company who has been affected should send notification of the matter to us at We will put the member in touch with a privacy attorney. Privacy counsel will, in turn, be liaising with Allscripts to determine what, if any, notifications will be required from this incident and who will be making them.

Members should not provide notice to their patients and/or the OCR unless and until privacy counsel makes a recommendation to do so. Most ransomware incidents do not result in a notifiable breach, so notification before all the facts are known and analyzed can be a major misstep and result in unnecessary headaches, lawsuits, and governmental inquiries. If members do have notification obligations, we will coordinate with them to provide notifications (or to ensure that Allscripts provides them on the member’s behalf, which is how similar matters have been handled in the past).


June 12, 2017
Cybersecurity Must Be Part of Every Healthcare Professional’s Job

Recent cyberattacks have been devastating. They’ve cost billions of dollars, angered and potentially endangered patients, eroded the reputation of healthcare organizations, and left institutions and individual physicians exposed to HIPAA violations. Cybersecurity is no longer just an IT issue. Every employee and every organization needs do their part.


June 12, 2017
Cyberattacks Threaten Patient Safety
When it comes to cybersecurity, more than money and IT security are at risk—patient safety is also compromised by a cyberattack.

Cybersecurity and Data Breaches
This CME on-demand course provides vital information to reduce chances of data breaches and avoid the threat of a cyberattack. Learn how to mitigate risks, monitor security, avoid penalties for noncompliance, and respond appropriately in the event of a cyberattack.

Ransomware: Tactics for Defense and Response
Cyberattacks against healthcare organizations, especially ransomware attacks, are becoming more frequent and more sophisticated as criminals seek to exploit a lucrative market for personal health information (PHI).

Seven Tips to Help Stop Ransomware
Our Chief Information Officer shares the top seven tips to help you prevent a ransomware attack.


March 21, 2016
The Three Options in a Ransomware Attack: Restore if Possible, Pay, or Lose Patient Information
Ransomware is an attack where a business or individual’s computer system is held hostage by cybercriminals until a ransom is paid. Hospitals, medical practices, and businesses should take full precautions to prevent a hack that results in ransomware being installed.


March 25, 2015
Be Cybersecure: Protect Patient Records, Avoid Fines, and Safeguard Your Reputation
Cybercrime costs the U.S. economy billions of dollars each year, and healthcare organizations are the most frequently attacked. This article outlines steps you can take to be fully compliant with HIPAA privacy and security rules and to avoid breaches.

Healthcare Data Breaches—Risks and Mitigation Tips
In today’s changing practice environment, healthcare data breaches have become a question of “when,” not “if.” A data breach can lead to millions of dollars in unexpected expenses, as well as lawsuits and regulatory investigations.

Case Studies: Healthcare Data Breach Risks
The healthcare industry suffers more data breaches than any other business segment—a total of 51 percent of all breaches. This video presents an overview of the cybersecurity threats facing healthcare organizations and what they can do to mitigate their risk.

Handling Protected Health Information? Make Sure You’re Cybersecure
Healthcare entities are the most vulnerable to cyberattacks. Learn how to protect your practice from a breach and ensure HIPAA compliance.


Additional Cybersecurity Resources

American Hospital Association
Cybersecurity Resources

National Institute of Standards
Cybersecurity Framework

Security Risk Assessment

U.S. Department of Health and Human Services
Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework.

DHHS Office for Civil Rights
HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

Cyber Liability Protection for Members

Medical malpractice insurance from The Doctors Company automatically includes CyberGuard® cyber liability coverage, which protects doctors against regulatory and liability claims arising from the theft, loss, or accidental transmission of patient or financial information, as well as the cost of data recovery.

Stay in the Know with Our Monthly Newsletter

Sign up to receive The Doctor’s Practice.

Our e-mail newsletter delivers timely updates across a range of topics each month, including
patient safety, legislative updates, and the latest industry and company news.


Follow us: Follow The Doctors Company on Twitter Watch The Doctors Company on YouTube The Doctors Company on LinkedIn Like The Doctors Company on Facebook Follow The Doctors Company on Google+

© The Doctors Company. All rights reserved. Legal Notices and Privacy Policy | Glossary of Insurance Terms